added users that can be disabled

2024-03-10 17:26:25 -05:00 · 2024-03-10 17:26:25 -05:00 · eda1db9136
parent 9418b91b4d
commit eda1db9136
6 changed files with 193 additions and 94 deletions
--- a/hosts/horizon/configuration.nix
+++ b/hosts/horizon/configuration.nix
@ -1,6 +1,5 @@
 # leyla laptop
 { config, pkgs, inputs, ... }:
-
 {
  imports =
    [
@ -17,6 +16,10 @@

  sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";

+  users.leyla.isNormalUser = true;
+  users.ester.isNormalUser = true;
+  users.eve.isNormalUser = true;
+
  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
--- a/users/default.nix
+++ b/users/default.nix
@ -1,6 +1,6 @@
-{...}:
+{ ... }:
 {
-  imports = [ ./leyla ./ester ./eve ];
+  imports = [ ./leyla ./ester ./eve ./remote ];

  users.mutableUsers = false;
 }
--- a/users/ester/default.nix
+++ b/users/ester/default.nix
@ -1,23 +1,45 @@
 { lib, config, pkgs, ... }:
+let
+  cfg = config.users.ester;
+in
 {
-  sops.secrets."passwords/ester" = {
-    neededForUsers = true;
-    # sopsFile = ../secrets.yaml;
+  options.users.ester = {
+    isNormalUser = lib.mkEnableOption "ester";
  };

-  # Define user accounts
-  users.users.ester = {
-    isNormalUser = true;
-    uid = 1001;
-    description = "Ester";
-    extraGroups = [ "networkmanager" ];
+  config = {
+    sops.secrets = lib.mkIf cfg.isNormalUser {
+      "passwords/ester" = {
+        neededForUsers = true;
+        # sopsFile = ../secrets.yaml;
+      };
+    };

-    hashedPasswordFile = config.sops.secrets."passwords/ester".path;
+    users.groups.ester = {};

-    packages = with pkgs; [
-      firefox
-      bitwarden
-      discord
+    users.users.ester = lib.mkMerge [
+      {
+        uid = 1001;
+        description = "Ester";
+        group = "ester";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          isNormalUser = true;
+          extraGroups = [ "networkmanager" ];
+
+          hashedPasswordFile = config.sops.secrets."passwords/ester".path;
+
+          packages = with pkgs; [
+            firefox
+            bitwarden
+            discord
+          ];
+        } else {
+          isSystemUser = true;
+        }
+      )
    ];
  };
 }
--- a/users/eve/default.nix
+++ b/users/eve/default.nix
@ -1,25 +1,47 @@
 { lib, config, pkgs, ... }:
+let
+  cfg = config.users.eve;
+in
 {
-  sops.secrets."passwords/eve" = {
-    neededForUsers = true;
-    # sopsFile = ../secrets.yaml;
+  options.users.eve = {
+    isNormalUser = lib.mkEnableOption "eve";
  };

-  # Define user accounts
-  users.users.eve = {
-    isNormalUser = true;
-    uid = 1002;
-    description = "Eve";
-    extraGroups = [ "networkmanager" ];
+  config = {
+    sops.secrets = lib.mkIf cfg.isNormalUser {
+      "passwords/eve" = {
+        neededForUsers = true;
+        # sopsFile = ../secrets.yaml;
+      };
+    };

-    hashedPasswordFile = config.sops.secrets."passwords/eve".path;
+    users.groups.eve = {};

-    packages = with pkgs; [
-      firefox
-      bitwarden
-      discord
-      makemkv
-      signal-desktop
+    users.users.eve = lib.mkMerge [
+      {
+        uid = 1002;
+        description = "Eve";
+        group = "eve";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          isNormalUser = true;
+          extraGroups = [ "networkmanager" ];
+
+          hashedPasswordFile = config.sops.secrets."passwords/eve".path;
+
+          packages = with pkgs; [
+            firefox
+            bitwarden
+            discord
+            makemkv
+            signal-desktop
+          ];
+        } else {
+          isSystemUser = true;
+        }
+      )
    ];
  };
 }
--- a/users/leyla/default.nix
+++ b/users/leyla/default.nix
@ -1,69 +1,91 @@
 { lib, config, pkgs, ... }:
+let
+  cfg = config.users.leyla;
+in
 {
-  sops.secrets."passwords/leyla" = {
-    neededForUsers = true;
-    # sopsFile = ../secrets.yaml;
+  options.users.leyla = {
+    isNormalUser = lib.mkEnableOption "leyla";
  };

-  # Define user accounts
-  users.users.leyla = {
-    isNormalUser = true;
-    uid = 1000;
-    description = "Leyla";
-    extraGroups = [ "networkmanager" "wheel" ];
+  config = {
+    sops.secrets = lib.mkIf cfg.isNormalUser {
+      "passwords/leyla" = {
+        neededForUsers = true;
+        # sopsFile = ../secrets.yaml;
+      };
+    };

-    hashedPasswordFile = config.sops.secrets."passwords/leyla".path;
+    users.groups.leyla = {};

-    packages = with pkgs; [
-      iputils
-      dnsutils
-      git
-      firefox
-      signal-desktop
-      obsidian
-      bitwarden
-      vscodium
-      nextcloud-client
-      inkscape
-      steam
-      discord
-      rhythmbox
-      makemkv
-      protonvpn-gui
-      transmission-gtk
-      freecad
-      mupen64plus
-      dbeaver
-      easytag
-      cura
-      kicad-small
-#        jdk
-#        android-tools
-#        android-studio
-      androidStudioPackages.canary
-      jetbrains.idea-community
-      ungoogled-chromium
-      nodejs
-      exiftool
-      libreoffice
-      # N64 Emulator
-      mupen64plus
-      # GameCube Emulator and Wii Emulator
-      dolphin-emu
-      # Switch Emulator
-      yuzu-mainline
-      # Atari 2600 Emulator
-      stella
-      # mame Emulator
-      mame
-      # Game Boy Advanced Emulator
-      vbam
-      # NES Emulator
-      fceux
-      # SNES Emulator
-      zsnes
-      # DS Emulator
-      desmume
+    users.users.leyla = lib.mkMerge [
+      {
+        uid = 1000;
+        description = "Leyla";
+        group = "leyla";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          isNormalUser = true;
+          extraGroups = [ "networkmanager" "wheel" ];
+
+          hashedPasswordFile = config.sops.secrets."passwords/leyla".path;
+          
+          packages = with pkgs; [
+            iputils
+            dnsutils
+            git
+            firefox
+            signal-desktop
+            obsidian
+            bitwarden
+            vscodium
+            nextcloud-client
+            inkscape
+            steam
+            discord
+            rhythmbox
+            makemkv
+            protonvpn-gui
+            transmission-gtk
+            freecad
+            mupen64plus
+            dbeaver
+            easytag
+            cura
+            kicad-small
+      #        jdk
+      #        android-tools
+      #        android-studio
+            androidStudioPackages.canary
+            jetbrains.idea-community
+            ungoogled-chromium
+            nodejs
+            exiftool
+            libreoffice
+            # N64 Emulator
+            mupen64plus
+            # GameCube Emulator and Wii Emulator
+            dolphin-emu
+            # Switch Emulator
+            yuzu-mainline
+            # Atari 2600 Emulator
+            stella
+            # mame Emulator
+            mame
+            # Game Boy Advanced Emulator
+            vbam
+            # NES Emulator
+            fceux
+            # SNES Emulator
+            zsnes
+            # DS Emulator
+            desmume
+          ];
+        } else {
+          isSystemUser = true;
+        }
+      )
    ];
  };
 }
--- a/users/remote/default.nix
+++ b/users/remote/default.nix
@ -0,0 +1,30 @@
+{  lib, config, ... }:
+let
+  cfg = config.users.remote;
+in
+{
+  options.users.remote = {
+    isNormalUser = lib.mkEnableOption "remote";
+  };
+
+  config.users = {
+    groups.remote = {};
+
+    users.remote = lib.mkMerge [
+      {
+        uid = 2000;
+        group = "remote";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          # extraGroups = [ "wheel" ];
+          isNormalUser = true;
+          openssh.authorizedKeys.keys = [];
+        } else {
+          isSystemUser = true;
+        }
+      )
+    ];
+  };
+}